Author: "Chris Barnes" <chris-barnes AT tamu DOT edu>
Date: Tue, 26 Aug 2003 10:34:49 -0500
One of my student workers - who happens to be setting up Amanda, recently came to me with a concern about how the backup/restore process handles soft links. I suspect that this is a non-issue in that
Amanda doesn't do anything about this--it just calls the underlying backup mechanism (guntar or dump) to do the dirty work. It's up to the underlying backup mechanism to handle this. So the right peo
Chris, Give your student worker a cookie (or a beer if they're old enough). Though this isn't a new exploit technique, it sure looks to me like if one: - Uses 'program "DUMP"' - Uses amrecover Then y
Author: "Jeremy L. Mordkoff" <jlm AT TataraSystems DOT com>
Date: Wed, 27 Aug 2003 13:33:01 -0400
My policy is to never restore files in place. I always restore to a temporary location and ask the owner to copy the file into place. That avoids any stickiness. I remember a case where someone asked
I agree that is a good practice (doesn't prevent Chris' student's proposed exploit, though). -- Jay Lessert jay_lessert AT accelerant DOT net Accelerant Networks Inc. (voice)1.503.439.3461 Beaverton
Author: "Chris Barnes" <chris-barnes AT tamu DOT edu>
Date: Wed, 27 Aug 2003 12:54:12 -0500
Actually, I think it might. If we restore to a temporary location, then the /etc/passwd (from my previous example) won't be overwritten. The malicious user couldn't move it manually (since they would
Chris, I don't remember your exact example, but not in all cases (unless I'm missing something obvious...): cd /home/joebob/src ln -s /bin sleep 86400 rm bin mkdir bin cp -p /home/joebob/bin/my_ls bi
Author: "Chris Barnes" <chris-barnes AT tamu DOT edu>
Date: Wed, 27 Aug 2003 17:35:13 -0500
Not if I restore each incremental into a different temp directory /home/joebob/restore1/src (the softlink) /home/joebob/restore2/src (the directory containing ls) It is then up to the user to move th
I missed the first couple of articles on this thread so I don't have them to quote, sorry. I read them on the archive at yahoo though. I expectantly await J. Fennalson's investigation. May even try m